<?php
//Check Email
function check_email($email) {

	if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {

		return false;

	}



	$email_array = explode("@", $email);

	$local_array = explode(".", $email_array[0]);

	for ($i = 0; $i < sizeof($local_array); $i++) {

		if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {

			return false;

		}

	}



	if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {

		$domain_array = explode(".", $email_array[1]);

		if (sizeof($domain_array) < 2) {

			return false;

		}

		for ($i = 0; $i < sizeof($domain_array); $i++) {

			if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {

				return false;

			}

		}

	}

	return true;

}
//Post Questions
if (isset($_POST['action']) && $_POST['action'] == 'post') {	

		
	check_admin_referer( 'new-post' );	
	$error = "";
	$user_id		= $current_user->ID;

	$question	= $_POST['question'];
	$content = $_POST['content'];	
	$tags = $_POST['tags'];
	
	$post_date = current_time(mysql);

	$post_title	 	 = $question;
	$post_content    = $content;
	$post_name = $question;
	$post_name = str_replace(" ", "-", $post_name);	
	
	if ( $question == "" || $content == "" ) 
	{
		$error .= "You need to fill all fields!<br>";
	}	
	
	if ( $error == "" ) 
	{
		$post_id = wp_insert_post( array(
			'post_author'	=> $user_id,
			'post_title'	=> $post_title,
			'post_content'	=> $post_content,
			'post_date'		=> $post_date,
			'post_name' 	=> $post_name,
			'post_category' => array(''.$_POST["cate"].''),
			'tags_input'	=> $tags, 
			'post_status'	=> 'publish'	
		) );		

						
		wp_redirect( get_bloginfo( 'url' ) );		
	exit;		
	} 		
}
//Send mail when apply online
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'send') {

	check_admin_referer( 'send_email' );
	session_start();

	$fullname = $_POST['fullname'];
	$email = $_POST['email'];
	$subject = $_POST['subject'];
	$message = $_POST['message'];
	$code = $_POST['code'];
	

	$error = "";

	//Check if email is incorrect

	if (!check_email($_POST['email'])){
		$error .= "<li style='font-size:9px;'>Email is incorrect</li>";
	}
	//Check if subject is empty
	if(empty($_POST["subject"])){
		$error .= "<li style='font-size:9px;'>Please enter contact subject</li>";
	}
	//Check if message is empty
	if(empty($_POST["message"])){
		$error .= "<li style='font-size:9px;'>Please enter contact message</li>";
	}


	//echo '<script language="javascript">alert("'.  $_SESSION['security_code'] .'+'. $_POST["code"] .'");

	//Check if security code is correct
	if(($_SESSION['security_code'] == $_POST["code"]) && (!empty($_SESSION['security_code'])) ) {
		unset($_SESSION['security_code']);
	}
	else {

		$error .= "<li style='font-size:9px;'>Security code is incorrect</li>";
	}
	


	if ($error==""){
		$error="null";
		//Send email

		/*
		$to = $_SESSION['companymail'];
		$sub = $subject;
		$mes = $message;
		$from = $email;
		$headers = "From: $from". "-". $fullname;

		mail($to,$sub,$mes,$headers);
		*/

		$to      = $_POST['user_email']; 
		$email   = $_POST['email']; 
		$name    = $_POST['fullname'];
		$subject = $subject; 
		$comment = 'You have received an application for "<a href="'.get_permalink($post->ID).'">'.get_post_meta($post->ID, 'jobtitle', true).'</a>":<br/>'.$message;



		$To          = strip_tags($to);
		$TextMessage =strip_tags(nl2br($comment),"<br>");
		$HTMLMessage =nl2br($comment);
		$FromName    =strip_tags($name);
		$FromEmail   =strip_tags($email);
		$Subject     =strip_tags($subject);
		$Body = strip_tags($message);
		$Headers = "From: $FromName <$FromEmail> 
					Reply-To: $FromEmail";
		
		$boundary1   =rand(0,9)."-"
		.rand(10000000000,9999999999)."-"
		.rand(10000000000,9999999999)."=:"
		.rand(10000,99999);
		$boundary2   =rand(0,9)."-".rand(10000000000,9999999999)."-"
		.rand(10000000000,9999999999)."=:"
		.rand(10000,99999);



		for($i=0; $i < count($_FILES['fileatt']['name']); $i++){
		if(is_uploaded_file($_FILES['fileatt']['tmp_name'][$i]) && 
		   !empty($_FILES['fileatt']['size'][$i]) && 
		   !empty($_FILES['fileatt']['name'][$i])){
			 
		$attach      ='yes';
		$end         ='';

		   $handle      =fopen($_FILES['fileatt']['tmp_name'][$i], 'rb'); 
		   $f_contents  =fread($handle, $_FILES['fileatt']['size'][$i]); 
		   $attachment[]=chunk_split(base64_encode($f_contents));
		   fclose($handle); 

		$ftype[]       =$_FILES['fileatt']['type'][$i];
		$fname[]       =$_FILES['fileatt']['name'][$i];
		}
		}

/***************************************************************
HTML Email WIth Multiple Attachment <<----- Attachment ------
 ***************************************************************/
 
if($attach=='yes') {

$attachments='';
$Headers     =<<<AKAM
From: $FromName <$FromEmail>
Reply-To: $FromEmail
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="$boundary1"
AKAM;

for($j=0;$j<count($ftype); $j++){
$attachments.=<<<ATTA
--$boundary1
Content-Type: $ftype[$j];
	name="$fname[$i]"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="$fname[$j]"

$attachment[$j]

ATTA;
}

$Body        =<<<AKAM
This is a multi-part message in MIME format.

--$boundary1
Content-Type: multipart/alternative;
	boundary="$boundary2"

--$boundary2
Content-Type: text/plain;
	charset="windows-1256"
Content-Transfer-Encoding: quoted-printable

$TextMessage
--$boundary2
Content-Type: text/html;
	charset="windows-1256" \r\n

$HTMLMessage

--$boundary2--

$attachments
--$boundary1--
AKAM;
}

		/***************************************************************
		 Sending Email
		 ***************************************************************/
		$ok=mail($To, $Subject, $Body, $Headers);
		//echo $ok?"<h1> Mail Sent</h1>":"<h1> Mail not SEND</h1>";


	}
	else
	{
		$error="<b>Please fix the following error(s) and resubmit:</b>".$error;

	}






}



//Send mail to friend
if (isset($_POST['action']) && $_POST['action'] == 'send_to_friend') {

	check_admin_referer( 'send_email_to_friend' );
	session_start();

	$fullname = $_POST['fullname'];
	$email = $_POST['email'];
	$subject = $_POST['subject'];
	$message = $_POST['message'];
	$friendsfullname = $_POST['friendsfullname'];
	$friendsemail = $_POST['friendsemail'];
	$code = $_POST['code'];
	

	$error = "";

	//Check if email is incorrect

	if (!check_email($_POST['email'])){
		$error .= "<li style='font-size:9px;'>Your email is incorrect</li>";
	}
	//Check if subject is empty
	if(empty($_POST["subject"])){
		$error .= "<li style='font-size:9px;'>Please enter contact subject</li>";
	}
	//Check if message is empty
	if(empty($_POST["message"])){
		$error .= "<li style='font-size:9px;'>Please enter contact message</li>";
	}

	//Check if friend's email is incorrect

	if (!check_email($_POST['friendsemail'])){
		$error .= "<li style='font-size:9px;'>Friend's email is incorrect</li>";
	}


	//echo '<script language="javascript">alert("'.  $_SESSION['security_code'] .'+'. $_POST["code"] .'");

	//Check if security code is correct
	if(($_SESSION['security_code'] == $_POST["code"]) && (!empty($_SESSION['security_code'])) ) {
		unset($_SESSION['security_code']);
	}
	else {

		$error .= "<li style='font-size:9px;'>Security code is incorrect</li>";
	}
	


	if ($error==""){
		$error="null";
		//Send email

		
		$to = $friendsemail;
		$sub = $subject;
		$mes = $message;
		$from = $email;
		$headers = 'From: '.$fullname.' <'.$from.'>' . "\r\n" .
		    'Reply-To: '.$friendsfullname.' <'.$to.'>' . "\r\n" .
		    'X-Mailer: PHP/' . phpversion();

			
		mail($to,$sub,$mes,$headers);
		

	}
	else
	{
		$error="<b>Please fix the following error(s) and resubmit:</b>".$error;

	}




}




//Get password
if (isset($_POST['action']) && $_POST['action'] == 'getpassword') {
	

	check_admin_referer( 'get-password' );
	

	if(1)
	{
	$error = "";
	$user_id		= $current_user->user_id;


	$youremail 	= $_POST['youremail'];

	$_SESSION['youremail'] = $_POST['youremail'];

	if ( !check_email($youremail) ) {
		$error .= "Please insert a valid mail address!<br />";
	}


	if ( $error == "" ) {
		$profileuser = get_user_by('email',$_POST['youremail']);

		if(!empty($profileuser))
		{

			/*
			$possible = '23456789bcdfghjkmnpqrstvwxyz!@#$%^&*()_+|';
			$code = '';
			$i = 0;
			$characters= 7;
			while ($i < $characters) { 
			 $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
			 $i++;
			}
			*/

			require_once(ABSPATH . 'wp-admin/includes/user.php');
			require_once(ABSPATH . WPINC . '/registration.php');


			//$user = "";
			//$user->ID= $profileuser->ID;
			//$user->user_pass= $code;

			//$id=wp_update_user( get_object_vars( $user ) );


			if(1)
			{

			//Send mail to get password
			$to = $profileuser->user_email;
			$to_name = $profileuser->first_name.' '.$profileuser->last_name;

			$sub = "Your password information is here";
			$mes = "";
			$mes .= "Your user login:  ";
			$mes .= $profileuser->user_login;
			$mes .= "\n\n";
			$mes .= "Click here to create your new password:  ";
			$mes .= get_bloginfo('url')."/?action=ecreatenewpassword&euserlogin=".$profileuser->user_login."&ekey_getpass=". $profileuser->user_pass;


			$from = get_option( 'admin_email' );
			$websitename = get_bloginfo('name');

			$headers = 'From: '.$websitename.' <'.$from.'>' . "\r\n" .
				'Reply-To: '.$to_name.' <'.$to.'>' . "\r\n" .
				'X-Mailer: PHP/' . phpversion();

				
			mail($to,$sub,$mes,$headers);
			}
			

			$error= "null";

		}
		else
		{
			$error .= "Your email has not existed in our current system yet!<br />";
		}
	}


	}
	
}


//Create password
if (isset($_POST['action']) && $_POST['action'] == 'createnewpassword') {
	

	check_admin_referer( 'create-new-password' );


	if(1)
	{
	$error = "";
	$user_id		= $current_user->user_id;


	$pass1 	= $_POST['pass1'];
	$pass2 	= $_POST['pass2'];


	if ( $pass1!=$pass2 ) {
		$error .= "Please insert a valid confirm password!<br />";
	}


	if ( $error == "" ) {
		{

			require_once(ABSPATH . 'wp-admin/includes/user.php');
			require_once(ABSPATH . WPINC . '/registration.php');

			$profileuser = get_user_by('login',$_GET['euserlogin']) ;

			$code= $_POST['pass1'];
			$user = "";
			$user->ID= $profileuser->ID;
			$user->user_pass= $code;

			wp_update_user( get_object_vars( $user ) );


			$error= "null";

		}

	}


	}
	
}


//Add user
if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
	check_admin_referer('add-user');

	$error= "";
	$file_name = "";
		
	if ( $_POST['user_login']=="" || $_POST['email']=="" || $_POST['first_name']=="" || $_POST['last_name']=="" || $_POST['pass1']=="" || $_POST['pass2']=="" ) 
	{
		$error .= "<h3><b>ERROR: </b> You need to fill all fields!</h3><br>";
	}


	if ( $_POST['pass1']!=$_POST['pass2'] ) {
		$error .= "<h3><b>ERROR:</b> Please insert a valid confirm password!</h3><br />";
	}
	
	if(file_exists("wp-content/uploads".$_FILES['avata']['name']))
	{
		$error .= "<h3><b>ERROR:</b> This file had been already.</h3><br />";
	}
	/*if(($_SESSION['security_code'] == $_POST['sec_code']) && (!empty($_SESSION['security_code'])) ) {
		unset($_SESSION['security_code']);		
	}
	else {
		$error .= "The Security Code Is Incorrect";
	}*/
	if($error=="")	{
		
		$user_id = add_user_employer();
		$file_name = $_FILES['avata']['name'];
		add_user_meta($user_id, 'avata', $file_name,true);
		move_uploaded_file($_FILES['avata']['tmp_name'],"wp-content/uploads/".$_FILES['avata']["name"]);

		if ( is_wp_error( $user_id ) ) {
			$add_user_errors = $user_id;
		} else {
			$new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
			
			session_register('user_id_yer');
			$_SESSION['user_id_yer'] = $user_id;

			session_register('loged_yer');
			$_SESSION['loged_yer'] = $user_id;			
			
			if( $_POST['action_type']=="register" )
			{
				wp_redirect( get_bloginfo( 'url' ) . "/" );
				die();
			}
		}
	}
	
}


//Change account
if ( isset($_REQUEST['action']) && 'changeaccount' == $_REQUEST['action'] ) {
	check_admin_referer('change-account');

	$error="";

	
	if ( $_POST['first_name']=="" || $_POST['last_name']=="" || $_POST['oldpass']=="" ) 
	{
		$error .= "<b>ERROR:</b> You need to fill all fields!<br>";
	}



	if($error=="")
	{
		
		$profileuser = get_user_to_edit($_SESSION['user_id_yer']);


		if(wp_check_password($_POST['oldpass'], $profileuser->user_pass, $profileuser->ID))
		{

		$user = "";
		$user->ID= $profileuser->ID;

		if ( isset( $_POST['first_name'] ) )
			$user->first_name = sanitize_text_field( $_POST['first_name'] );
		if ( isset( $_POST['last_name'] ) )
			$user->last_name = sanitize_text_field( $_POST['last_name'] );

		$user_id = wp_update_user( get_object_vars( $user ) );

		$error= "null";

		}
		else
		{
			$error .= "<b>ERROR:</b> Your old password is not correct!<br />";
		}


	}

}



//Change password
if ( isset($_REQUEST['action']) && 'changepassword' == $_REQUEST['action'] ) {
	check_admin_referer('change-password');

	$error_= "";

	
	if ( $_POST['pass1']=="" || $_POST['pass2']=="" || $_POST['oldpass']=="" || $_POST['email']==""|| $_POST['zipcode']=="" ) 
	{
		$error_ .= "<b>ERROR:</b> You need to fill all fields!<br>";
	}


	if ( $_POST['pass1']!=$_POST['pass2'] ) {
		$error_ .= "<b>ERROR:</b> Please insert a valid confirm password!<br />";
	}

	if($error_=="")
	{
		
		$profileuser = get_user_to_edit($_SESSION['user_id_yer']);


		if(wp_check_password($_POST['oldpass'], $profileuser->user_pass, $profileuser->ID))
		{

		$user = "";
		$user->ID= $profileuser->ID;

		$user->user_pass = $_POST['pass1'];

		$user_id = wp_update_user( get_object_vars( $user ) );

		$error_= "null";
		}
		else
		{
			$error_ .= "<b>ERROR:</b> Your old password is not correct!<br />";
		}


	}

}


?>